Introducing OneTrust: A New Way to Assess Data Risk at Stanford

OneTrust — a new tool to request, track, and automate data risk assessments (DRAs) at Stanford — is now available as a beta test version.

After completing a comprehensive discovery project in 2023, the University Privacy Office (UPO) and Information Security Office (ISO) selected OneTrust as the solution for enhancing Stanford’s DRA system, process, and user experience. The new tool offers many key benefits, including:

• A simplified, dynamic DRA submission form
• Reduced processing time and administrative burden
• Robust notifications and alerts
• Instantaneously generated reports
• Customized security and privacy requirement guidance specific to your project

To learn more about and launch the beta version of OneTrust, visit the DRAs in OneTrust webpage. 

Help test and improve the system

While the new tool is fully functional, this beta testing period is an opportunity to continue refining usability as the updated process is applied to Stanford-specific use cases. If you use OneTrust to complete the DRA form and process, we invite you to share feedback about your experience. 

Please note that the legacy DRA system (REDCap) will continue to run concurrently. If you have an in-progress assessment that was already submitted through the legacy DRA system, you are not required to request a new DRA through OneTrust. The DRA team plans to transfer all assessments to OneTrust on your behalf. If you wish to move your assessment into OneTrust to accelerate the process, please contact the DRA team at dra_review@lists.stanford.edu by Feb. 23.  

DRA and OneTrust support 

• Visit the DRAs in OneTrust webpage to access FAQs and documentation.
• If you have questions about the new system and process, reach out to the DRA team at dra_review@lists.stanford.edu. 
• We also invite you to attend DRA office hours, which are held every Wednesday from 11 a.m. to noon (Zoom link).